Open Source and information security mailing list archives
 
Date: Wed, 23 Jul 2008 13:39:39 +0100
From: mcwidget <mcwidget@...il.com>
To: n3td3v <xploitable@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Nominate Dan Kaminsky for Most Overhyped Bug Pwnie Award

>
> Hi Sandy Vagina,
>
> Looks like they did a U-turn after realising how overhyped the bug
> actually is.
>
> n3td3v
>

So the cat's out of the bag and the bug's public.

http://blog.wired.com/27bstroke6/2008/07/kaminsky-on-how.html
http://blog.invisibledenizen.org/2008/07/kaminskys-dns-issue-accidentally-leaked.html

Still think this deserves a nomination?

Hype.  Excessive, exaggerated publicity, to give more attention than it
deserves.
http://www.google.co.uk/search?q=define%3Ahype

Given how easy it appears to be to redirect a client to a malicious web
server, is this publicity excessive?  It's clearly had the most publicity
but I don't think it's that clean cut.

This is an awkward one as Mom and Pop web surfers sitting at home are the
ones that are vulnerable here if they're redirected and phished, yet they
cannot patch this and easily protect themselves through their normal methods
such as Windows Update or IE7's phishing filter (correct me if I'm wrong
here but I think this will report the site as OK) - they're relying on other
people patching this.  In their shoes, I'd be screaming for publicity for
this to make sure other people are patching to keep me protected.
